in plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java [208:249]
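/**
 * Looks up the server-side {@link ResponseState} referenced by the security-context cookie
 * and returns it only when every check below passes; any failure yields {@code null}.
 *
 * <p>Checks, in order: the cookie is present; the state manager holds a state under the
 * cookie's value; the state is not expired according to {@code CookieUtils.isStateExpired};
 * the state's web-app domain (compared only when {@code webAppDomain} is set) and web-app
 * context match the current ones; the state carries an assertion. Expired and mismatched
 * states are removed from the state manager before returning.
 *
 * @param securityContextCookie cookie whose value is the state lookup key; may be {@code null}
 * @param fedConfig             supplies the {@code isDetectExpiredTokens()} flag for the expiry check
 * @param m                     current message, passed to {@code getWebAppContext}
 * @return the validated state, or {@code null} if any check fails
 */
protected ResponseState getValidResponseState(Cookie securityContextCookie,
                                              FedizContext fedConfig,
                                              Message m) {
    if (securityContextCookie == null) {
        // Most likely the user has not been offered a chance to log on yet, though the
        // browser may also have dropped an expired cookie. Reported through reportTrace
        // rather than reportError because a warning is too noisy in the former case.
        reportTrace("MISSING_RESPONSE_STATE");
        return null;
    }

    // The cookie value is client-supplied and is used purely as a lookup key; every trust
    // decision below is made on the state held by stateManager, not on the cookie itself.
    String contextKey = securityContextCookie.getValue();
    ResponseState responseState = stateManager.getResponseState(contextKey);
    if (responseState == null) {
        reportError("MISSING_RESPONSE_STATE");
        return null;
    }

    if (CookieUtils.isStateExpired(responseState.getCreatedAt(), fedConfig.isDetectExpiredTokens(),
                                   responseState.getExpiresAt(), getStateTimeToLive())) {
        reportError("EXPIRED_RESPONSE_STATE");
        stateManager.removeResponseState(contextKey);
        return null;
    }

    // Bind the state to the application it was issued for. The parentheses spell out the
    // precedence the original relied on implicitly: the domain check is skipped when no
    // webAppDomain is configured, while the context check always applies.
    // The context comparison is invoked on the stored value (already known to be non-null
    // at that point), so a null result from getWebAppContext(m) rejects the state instead
    // of throwing a NullPointerException out of the filter.
    String webAppContext = getWebAppContext(m);
    if ((webAppDomain != null
            && (responseState.getWebAppDomain() == null
                || !webAppDomain.equals(responseState.getWebAppDomain())))
        || responseState.getWebAppContext() == null
        || !responseState.getWebAppContext().equals(webAppContext)) {
        stateManager.removeResponseState(contextKey);
        reportError("INVALID_RESPONSE_STATE");
        return null;
    }

    if (responseState.getAssertion() == null) {
        // NOTE(review): unlike the expired and mismatch branches above, the state is not
        // removed from stateManager here - confirm that leaving it in place is intended.
        reportError("INVALID_RESPONSE_STATE");
        return null;
    }
    return responseState;
}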